Organizations face a host of ever-evolving internal and external cybersecurity and information technology (IT) risks and threats that can reduce their ability to meet their objectives.

Roadmap to a Sustainable Cybersecurity Management Program

Almost daily, new stories pop up about data breaches affecting millions of customer records, payment card data, personal health information and loss of intellectual property or trade secrets. Couple these threats with more regulation and pressure to retain personal and proprietary information and it’s easy to see the challenge. A sustainable program begins here.


Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise and to the loss of reputation, revenue/value, customers, and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks. Today’s leading organizations proactively address these risks through well-governed and protected cybersecurity and IT management programs to ensure the secure and efficient exchange of sensitive and critical information.

Maximize the confidentiality, integrity, and availability of your information assets and IT investments with help from Baker Tilly’s cybersecurity and IT risk team. We work with organizations to achieve measurable security enhancements and performance improvements, and reduce administrative costs. We will assess your organization’s risks, design controls and implement effective security and IT governance processes, all with the goal of improving technology use.

Cybersecurity and IT Risk services portfolio:


  • Strategic cyber advisory | Board of directors, C-suite
  • General Data Protection Regulation (GDPR) readiness and implementation
  • Cyber policy and program development
  • Cyber risk assessment
  • Breach response preparedness planning
  • Cybersecurity/privacy compliance readiness | PCI DSS, HIPAA, NIST, FERPA, GLBA
  • Pre-loss risk assessment
  • Cyber risk insurance analysis
  • Crisis claims consulting
  • Business interruption risk advisory


  • Virtual CISO/CTO
  • Cybersecurity program design and implementation
  • Security operations staffing services
  • Integrated security testing services
  • Penetration testing and vulnerability scanning
  • Cyber hunting services
  • SIEM content/tuning services
  • Incident response service | Retained and on-demand


  • Security education and awareness programs | Board security education, cyber hygiene, social engineering, phishing, ransomware
  • Simulation, exercises and war games | Board crisis exercises, breach management, tabletop exercises, red team


  • IT project risk review
  • IT risk and effectiveness assessment
  • Business continuity planning, management and testing
  • Disaster recovery programs 
  • Supplier risk interruption (external risk)
  • Compliance program assessment


Our Take


The cybersecurity threat landscape has evolved dramatically, with significant advancements in the sophistication of cyberattack methods. The more organizations can anticipate risks and build in controls, testing and monitoring to enhance their cybersecurity posture, the better position the organization will be in to detect, defend, respond to and recover from the inevitable breach and to manage a sustainable cybersecurity program.

— David Ross, Principal, MBA, MEng, CIPP/E